zerophish / console
Register Sign in
URL THREAT INTELLIGENCE · v0.5.0 · OPERATIONAL

The full anatomy of a phishing site,
one URL at a time.

ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.

scan
100 scans / day · free · typical scan 2–4 s ·
try
Result scan 3681a67a
Scan another →
CACHED Showing previous scan from 1 h ago. Click Reanalyze to run a fresh scan.
PHISHING · HIGH CONFIDENCE

Phishing detected

brand Societe Generale / Mon espace scan id 3681a67a duration 21.41s signals 3 failing / 17
Risk score 1.00
100 / 100 · High risk
Tags
URL anatomy societegenerale-monespace.bolt.host
https :// societegenerale-monespace . bolt . host /
flagged registered domain path protocol / query
Indicators of compromise 6 · click any row to copy
URL hxxps://societegenerale-monespace[.]bolt[.]host/
Host societegenerale-monespace[.]bolt[.]host
Registered domain bolt[.]host
Brand Societe Generale / Mon espace
Screenshot https://cdn.zerophish.ai/a289f657-544f-4288-bc7e-6317e4f06fe4.jpg
Scan ID 3681a67a-e7db-4c92-9aa4-b5761d8935e2
Detection signals 3 fail · 2 warn · 7 pass
Brand typo-squat detected
No similar legitimate brand within edit-distance 2
critical
Domain age
Awaiting analysis
high
Threat intel blocklists
Awaiting analysis
critical
Credential collection form
No credential collection form on visible content
high
Visual similarity to known brand
Brand presentation matches the registered owner
high
Favicon impersonation
Favicon matches the registered owner
medium
SSL certificate
Served over HTTPS · valid TLS certificate
low
DNS reputation
Awaiting analysis
medium
showing 8 of 17 ·
Captured page from scan
Captured page
screenshot · captured at scan live page render
Brand impersonation visual + DOM analysis
S
Societe Generale / Mon espace
0%
Technical profile resolved at scan time
Host societegenerale-monespace.bolt.host
Registered domain bolt.host
Scheme https
Content length 41518 B
HTTP 200 · text/html
JARM 0d39b39b30d30d37d20320327d20122de7c02fe862e334985aa656e5df0651
Redirect hops 1
Analyst summary AI-generated
Initial scan heuristic + LLM

The page presents almost no content beyond a loading screen: the HTML shows only a basic “Chargement…” (loading) message and no visible login, form fields, or account prompts.

While the URL path contains “societegenerale-monespace”, which resembles a Societe Generale “Mon espace” portal, the provided HTML/OCR lacks any brand UI, security warnings, or credential-collection elements to confirm an impersonation attempt. Because there is insufficient rendered content to verify a credential form or a mismatch between brand and origin, the evidence is inconclusive.

Overall, I lean conservative: treat this as likely benign for now, but monitor for real content when the page finishes loading (e.g., a login form on a non–Societe Generale domain).

🤖 Agent run #1 autonomous investigation

The page at societegenerale-monespace.bolt.host impersonates Société Générale, a major French bank — “Mon Espace” is their customer portal branding. The page loads disable-devtool, an anti-analysis library that prevents opening browser developer tools, a technique strongly associated with phishing kits. It is hosted on bolt.host (linked to bolt.new, a web-app builder), not on any legitimate Société Générale domain. The page was stuck in a redirect loop at /ntmfdp and never rendered a form, but the domain structure, brand impersonation, anti-debugging measures, and free-tier hosting together confirm this is a phishing infrastructure setup.